An object that defines which security controls are enabled in an AWS Security Hub configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if ServiceEnabled is set to true in your configuration policy.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "DisabledSecurityControlIdentifiers" : [ String, ... ],
  "EnabledSecurityControlIdentifiers" : [ String, ... ],
  "SecurityControlCustomParameters" : [ SecurityControlCustomParameter, ... ]
}
YAML
DisabledSecurityControlIdentifiers:
  - String
EnabledSecurityControlIdentifiers:
  - String
SecurityControlCustomParameters:
  - SecurityControlCustomParameter
Properties
DisabledSecurityControlIdentifiers
A list of security controls that are disabled in the configuration policy.
Provide only one of EnabledSecurityControlIdentifiers or DisabledSecurityControlIdentifiers.
If you provide DisabledSecurityControlIdentifiers, Security Hub enables all other controls not in the list, and enables AutoEnableControls.
Required: No
Type: Array of String
Maximum: 2048 | 1000
Update requires: No interruption
EnabledSecurityControlIdentifiers
A list of security controls that are enabled in the configuration policy.
Provide only one of EnabledSecurityControlIdentifiers or DisabledSecurityControlIdentifiers.
If you provide EnabledSecurityControlIdentifiers, Security Hub disables all other controls not in the list, and disables AutoEnableControls.
Required: No
Type: Array of String
Maximum: 2048 | 1000
Update requires: No interruption
SecurityControlCustomParameters
A list of security controls and control parameter values that are included in a configuration policy.
Required: No
Type: Array of SecurityControlCustomParameter
Maximum: 1000
Update requires: No interruption
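Example (added here, not part of the AWS documentation): a pre-deployment check for a SecurityControlsConfiguration block that applies the rules above and reports which controls a policy would leave disabled. The function names, the KNOWN_CONTROLS inventory and the sample control IDs are constructed for illustration, and the code assumes the value 1000 in the Maximum fields is the per-list item limit.

```python
ENABLED = "EnabledSecurityControlIdentifiers"
DISABLED = "DisabledSecurityControlIdentifiers"
PARAMS = "SecurityControlCustomParameters"
MAX_ITEMS = 1000  # assumption: the page's "1000" maximum is the per-list item limit

# Constructed sample inventory of control IDs, standing in for the account's real list.
KNOWN_CONTROLS = {"IAM.1", "S3.1", "EC2.19", "CloudTrail.1"}


def lint(cfg, service_enabled):
    """Return findings for a SecurityControlsConfiguration dict (None if absent)."""
    if cfg is None:
        if service_enabled:
            return ["ServiceEnabled is true but SecurityControlsConfiguration is missing"]
        return []
    findings = []
    if ENABLED in cfg and DISABLED in cfg:
        findings.append(f"provide only one of {ENABLED} or {DISABLED}")
    for key in (ENABLED, DISABLED, PARAMS):
        if len(cfg.get(key, [])) > MAX_ITEMS:
            findings.append(f"{key} has more than {MAX_ITEMS} entries")
    return findings


def effective_state(cfg, known_controls):
    """Resolve what the policy enables and disables, following the rules on the page."""
    if (ENABLED in cfg) == (DISABLED in cfg):
        raise ValueError("need exactly one of the two identifier lists")
    known = set(known_controls)
    if ENABLED in cfg:
        # Allow-list: everything not listed is disabled, and so is AutoEnableControls.
        enabled = set(cfg[ENABLED])
        return {"enabled": enabled, "disabled": known - enabled, "auto_enable": False}
    # Deny-list: everything not listed is enabled, and so is AutoEnableControls.
    disabled = set(cfg[DISABLED])
    return {"enabled": known - disabled, "disabled": disabled, "auto_enable": True}


if __name__ == "__main__":
    allow = {ENABLED: ["IAM.1", "S3.1"]}  # constructed sample policy fragment
    print(lint(allow, service_enabled=True))
    state = effective_state(allow, KNOWN_CONTROLS)
    print("left disabled by the allow-list:", sorted(state["disabled"]))
```

Reviewing the "disabled" set before deployment makes the side effect of an EnabledSecurityControlIdentifiers list visible: controls absent from the list, and AutoEnableControls, are turned off.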